#92: get-entries needs to return the whole X509ChainEntry

The "extra_data" returned by get-entries currently says: 'In the case of an X509ChainEntry, this is the "certificate_chain"'
This is insufficient. A client that calls get-entries also needs the actual leaf certificate, so that they may verify that the leaf cert really was signed by the appropriate CA private key. (Without this, the client would have to trust that the log performed that verification, unless the client happens to stumble upon that particular leaf cert from some other source.)

--
-------------------------------------+-------------------------------------
 Reporter:  [email protected]        |      Owner:  [email protected]
     Type:  defect                   |     Status:  new
 Priority:  major                    |  Milestone:
Component:  rfc6962-bis              |    Version:
 Severity:  -                        |   Keywords:
-------------------------------------+-------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/92>
trans <http://tools.ietf.org/trans/>
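An added example, not part of the ticket or of any log implementation: a decoder for the two encodings at issue, the chain-only "extra_data" and a whole X509ChainEntry. It assumes the TLS-style definitions of ASN.1Cert and X509ChainEntry from RFC 6962; the function names are hypothetical and the certificate bytes are constructed placeholders, not real DER.

```python
def _u24(buf, off):
    # TLS-style 3-byte big-endian length prefix.
    if off + 3 > len(buf):
        raise ValueError("truncated length prefix")
    return int.from_bytes(buf[off:off + 3], "big"), off + 3

def _cert(buf, off):
    # ASN.1Cert is opaque<1..2^24-1>: a zero-length certificate is invalid.
    n, off = _u24(buf, off)
    if n == 0 or off + n > len(buf):
        raise ValueError("bad ASN.1Cert length")
    return buf[off:off + n], off + n

def _chain(buf, off):
    # certificate_chain<0..2^24-1>: outer byte count, then ASN.1Cert items.
    total, off = _u24(buf, off)
    end = off + total
    if end > len(buf):
        raise ValueError("truncated certificate_chain")
    certs = []
    while off < end:
        cert, off = _cert(buf[:end], off)  # items may not overrun the vector
        certs.append(cert)
    return certs, end

def parse_certificate_chain(extra_data):
    """extra_data as quoted in the ticket: the certificate_chain only."""
    chain, end = _chain(extra_data, 0)
    if end != len(extra_data):
        raise ValueError("trailing bytes")
    return chain

def parse_x509_chain_entry(data):
    """Whole X509ChainEntry: leaf_certificate, then certificate_chain."""
    leaf, off = _cert(data, 0)
    chain, end = _chain(data, off)
    if end != len(data):
        raise ValueError("trailing bytes")
    return leaf, chain

def _vec(body):
    return len(body).to_bytes(3, "big") + body

# Constructed placeholder bytes standing in for DER certificates.
LEAF, INTERMEDIATE, ROOT = b"LEAF-DER", b"INTERMEDIATE-DER", b"ROOT-DER"
CHAIN_ONLY = _vec(_vec(INTERMEDIATE) + _vec(ROOT))
WHOLE_ENTRY = _vec(LEAF) + CHAIN_ONLY
```

Decoding CHAIN_ONLY yields only the issuing certificates, so a client holding just that value has nothing to check the issuer's signature against; decoding WHOLE_ENTRY yields the leaf alongside them.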
